
Trojan Viruses!


  • This topic is locked
43 replies to this topic

#1 runner13

runner13

  • Members
  • 30 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 04 March 2013 - 07:49 PM

Mod Edit: moved to proper forum ~~ boopme

 

Hello, I'm new to this forum thing, lol. Well my son's Yahoo e-mail was hacked and consequently deleted!! So he lost everything! After a process over the phone with a tech (from INDIA!!!) he informed me that my computer had 4582 Trojan viruses!!! I thought that I had my system secured! I run Avast antivirus and run scans every week. Anyway I was told by a tech friend to run Combofix, and on that page was instructed to post to this forum. Sooo here I am :) I don't know if this will save time or not but I'll stick the log file below from my computer. My son uses his laptop primarily and I have run combofix on it as well. I can send that one if wanted. Thanks for your help.

 

 

ComboFix 13-03-04.01 - Kurt 03/04/2013  19:04:55.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1216 [GMT -5:00]
Running from: c:\documents and settings\Kurt\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-05 to 2013-03-05  )))))))))))))))))))))))))))))))
.
.
2013-03-04 22:13 . 2013-02-28 08:36    163784    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-03-04 22:13 . 2013-02-28 08:36    49320    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-03-04 22:13 . 2013-02-28 08:36    66408    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-03-04 21:01 . 2013-03-04 22:17    --------    d-----w-    c:\documents and settings\Kurt\Local Settings\Application Data\LogMeIn Rescue Applet
2013-02-27 21:25 . 2013-02-27 21:25    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-02-20 08:00 . 2013-02-20 08:00    --------    d-----w-    c:\program files\MSXML 4.0
2013-02-20 01:49 . 2011-09-28 14:20    200704    ----a-w-    c:\windows\system32\vbalExpBar6.ocx
2013-02-20 01:49 . 2011-09-28 14:20    40960    ----a-w-    c:\windows\system32\SSubTmr6.dll
2013-02-20 01:49 . 2011-09-28 14:20    15360    ----a-w-    c:\windows\system32\inetfr.DLL
2013-02-20 01:49 . 2011-09-28 14:20    119568    ----a-w-    c:\windows\system32\VB6FR.DLL
2013-02-20 01:49 . 2011-09-28 14:20    101888    ----a-w-    c:\windows\system32\VB6STKIT.DLL
2013-02-20 01:49 . 2011-09-28 14:20    484352    ----a-w-    c:\windows\system32\lame_enc.dll
2013-02-20 01:49 . 2011-09-28 14:20    32768    ----a-w-    c:\windows\system32\CMDLGFR.DLL
2013-02-20 01:49 . 2011-09-28 14:20    141312    ----a-w-    c:\windows\system32\MSCMCFR.DLL
2013-02-20 01:49 . 2013-02-20 01:49    --------    d-----w-    c:\documents and settings\Kurt\Application Data\FreeBurner
2013-02-20 01:48 . 2013-02-20 01:49    --------    d-----w-    c:\program files\Free Easy CD DVD Burner
2013-02-20 01:22 . 2013-02-20 01:35    --------    d-----w-    c:\documents and settings\Kurt\Application Data\ImgBurn
2013-02-20 00:47 . 2013-02-20 00:47    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Roxio
2013-02-20 00:23 . 2008-08-01 06:00    25584    ------w-    c:\windows\system32\drivers\SaibVd32.sys
2013-02-20 00:23 . 2008-08-01 06:00    20464    ------w-    c:\windows\system32\drivers\SahdIa32.sys
2013-02-20 00:23 . 2008-08-01 06:00    15856    ------w-    c:\windows\system32\drivers\SaibIa32.sys
2013-02-20 00:22 . 2013-02-20 00:23    --------    d-----w-    c:\program files\InterActual
2013-02-20 00:19 . 2013-02-20 00:19    --------    d-----w-    c:\program files\Windows Sidebar
2013-02-19 23:05 . 2013-02-20 00:18    --------    d-----w-    c:\documents and settings\All Users\Application Data\Roxio
2013-02-19 23:03 . 2013-02-20 00:22    --------    d-----w-    c:\program files\Roxio Creator 2009 Ultimate
2013-02-19 23:02 . 2013-02-20 00:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2013-02-19 23:02 . 2013-02-19 23:02    --------    d-----w-    c:\program files\SmartSound Software
2013-02-19 23:02 . 2013-02-19 23:02    --------    d-----w-    c:\program files\MSXML 6.0
2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 08:36 . 2011-05-31 20:55    368248    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-02-28 08:36 . 2011-05-31 20:55    765808    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-02-28 08:36 . 2011-05-31 20:55    62448    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-02-28 08:36 . 2011-05-31 20:55    49832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-02-28 08:36 . 2011-05-31 20:55    29880    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-02-28 08:36 . 2011-05-31 20:55    41664    ----a-w-    c:\windows\avastSS.scr
2013-02-28 08:35 . 2011-05-31 20:55    228600    ----a-w-    c:\windows\system32\aswBoot.exe
2013-02-27 21:25 . 2012-08-08 23:05    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-02-27 21:25 . 2012-04-13 00:49    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-02-27 21:25 . 2011-05-31 18:54    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-02-27 13:14 . 2012-04-02 01:31    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-27 13:14 . 2011-05-31 22:39    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2008-04-13 23:00    552448    ------w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2008-04-13 23:00    2148864    ------w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2008-04-14 00:01    2027520    ------w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2008-04-13 23:00    1867264    ------w-    c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-13 23:00    148992    ------w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-13 23:00    1292288    ------w-    c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2008-04-13 23:00    916480    ------w-    c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2008-04-13 23:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2008-04-13 23:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2008-04-13 23:00    385024    ------w-    c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-13 23:00    290560    ------w-    c:\windows\system32\atmfd.dll
2013-02-27 22:29 . 2013-02-27 22:29    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\Drgtodsc.exe" [2007-07-27 1133040]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-11 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe" [2008-08-10 80368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Kurt\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Kurt\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54    551296    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 18:57    152544    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-11 21:58    296056    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Kurt\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/4/2013 5:13 PM 49320]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/4/2013 5:13 PM 163784]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2/19/2013 7:23 PM 20464]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2/19/2013 7:23 PM 15856]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/2/2011 10:05 PM 13496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/31/2011 3:55 PM 765808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/31/2011 3:55 PM 368248]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 6:39 PM 72992]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2/19/2013 7:23 PM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [8/1/2008 11:59 AM 125424]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/9/2012 3:32 PM 464256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2011 3:55 PM 29880]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/4/2013 5:13 PM 66408]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [1/13/2009 6:39 PM 1078560]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/25/2012 8:37 AM 399432]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [11/22/2010 2:50 PM 66560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/2/2011 9:20 PM 22856]
S0 cerc6;cerc6; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/2/2011 9:20 PM 676936]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/30/2011 6:51 AM 1691480]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWVMM
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:14]
.
2013-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-03-04 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2012-11-09 01:33]
.
2013-03-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-01 08:36]
.
2013-02-20 c:\windows\Tasks\ExpressBurnDowngrade.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2013-01-22 08:50]
.
2013-03-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-05-31 06:22]
.
2013-03-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-1801674531-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
2013-03-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-1801674531-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
2013-03-04 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-07-03 00:19]
.
2013-02-20 c:\windows\Tasks\VideoPadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2013-01-22 00:07]
.
2013-02-23 c:\windows\Tasks\VideoPadReminder.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2013-01-22 00:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kurt\Application Data\Mozilla\Firefox\Profiles\2ee6lzoh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - ExtSQL: 2013-01-22 18:58; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: !HIDDEN! 2011-05-31 14:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-04 19:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2013-03-04  19:14:24
ComboFix-quarantined-files.txt  2013-03-05 00:14
.
Pre-Run: 83,028,930,560 bytes free
Post-Run: 83,269,054,464 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /numproc=2
.
- - End Of File - - 42EE3A1A6140DD074470A637FC4D0E35
 


Edited by boopme, 04 March 2013 - 08:00 PM.
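As an added example (not part of this thread, and not ComboFix's own code), here is a small Python triage script for the log format posted above. It parses the "Files Created" lines (created . modified, size, attribute flags, path) and the Run-key lines from "Reg Loading Points", then produces two review lists for a human: files dropped under the Windows directory within the last week before the scan, and Run entries whose command is a bare file name rather than a full path. The sample lines are excerpted from the log above; the regular expressions, the seven-day window, the reference time (the log's completion time) and the function names are my own assumptions. The output is a review list, not a malware verdict: the avast! driver updated on the day of the scan lands on it for exactly that reason.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Sample input excerpted from the ComboFix log in the post above
# ("Files Created" section): created . modified    size    attrs    path
SAMPLE_FILES = r"""
2013-03-04 22:13 . 2013-02-28 08:36    163784    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-02-27 21:25 . 2013-02-27 21:25    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-02-20 08:00 . 2013-02-20 08:00    --------    d-----w-    c:\program files\MSXML 4.0
2013-02-20 01:49 . 2011-09-28 14:20    484352    ----a-w-    c:\windows\system32\lame_enc.dll
2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
"""

# Sample input excerpted from the HKLM ...\CurrentVersion\Run block of the same log
SAMPLE_RUN = r"""
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"""

# Reference point: the completion time printed at the end of the log (assumed UTC).
SCAN_TIME = datetime(2013, 3, 5, 0, 14)

# created . modified    size|--------    8 attribute flags    path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-+)\s+([-a-z]{8})\s+(.+?)\s*$", re.I)
# "name"="command" [yyyy-mm-dd size]   (the bracketed tail is optional)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')
# A command is "qualified" if it starts with a drive letter, an %env% variable or a UNC prefix
QUALIFIED_RE = re.compile(r"^(?:[a-z]:\\|%[^%]+%\\|\\\\)", re.I)


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]      # None for directories (ComboFix prints --------)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.lower().startswith("d")


def parse_entries(text: str) -> List[FileEntry]:
    """Parse 'Files Created' lines; headers, dots and anything else are skipped."""
    out: List[FileEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        out.append(FileEntry(
            created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            size=int(size) if size.isdigit() else None,
            attrs=attrs, path=path))
    return out


def recent_system_files(entries: List[FileEntry], scan_time: datetime = SCAN_TIME,
                        window_days: int = 7) -> List[FileEntry]:
    """Files (not directories) created under c:\\windows\\ within the window before the scan.
    A review list, not a verdict: legitimate AV and Java updates show up here too."""
    cutoff = scan_time - timedelta(days=window_days)
    return [e for e in entries
            if not e.is_dir and e.created >= cutoff
            and e.path.lower().startswith("c:\\windows\\")]


def unqualified_autoruns(text: str) -> List[str]:
    """Names of Run-key values whose command is a bare file name (no drive, %var% or
    UNC prefix). Such a name is resolved by path search rather than a fixed location,
    so the reviewer should confirm which file on disk it actually resolves to."""
    out: List[str] = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m and not QUALIFIED_RE.match(m.group(2).strip()):
            out.append(m.group(1))
    return out


if __name__ == "__main__":
    for e in recent_system_files(parse_entries(SAMPLE_FILES)):
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.size:>8}  {e.path}")
    print("Run entries given as bare file names:", unqualified_autoruns(SAMPLE_RUN))
```

Run as-is, the script lists the two files dropped under c:\windows within the seven days before the scan (the aswVmm.sys driver and WindowsAccessBridge.dll) and names RTHDCPL as the one Run entry written as a bare file name; the DDS process list later in this thread shows where that particular one is running from, which is the kind of cross-check the list is meant to prompt.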




#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:10:24 PM

Posted 05 March 2013 - 08:26 AM

Hi and welcome to Bleeping Computer! My name is Jeff and I would be more than happy to help you with your malware related problems.


Please download DDS from either of these links

LINK 1
LINK 2
and save it to your desktop.
  • Disable any script blocking protection
  • Right-click and Run as Administrator dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

Please download aswMBR to your desktop.
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

AdwCleaner
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
----------

 


#3 runner13

runner13
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 05 March 2013 - 07:20 PM

Thank you Jeff! Ok here are the files. Hopefully I've done this right :)

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Kurt at 18:54:09 on 2013-03-05
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1367 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Drag-to-Disc\Drgtodsc.exe
C:\Garmin\gStart.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [RoxioDragToDisc] c:\program files\roxio\drag-to-disc\Drgtodsc.exe
uRun: [gStart] c:\garmin\gStart.exe
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009 ultimate\5.0\CPMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\kurt\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kurt\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341782609859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{925F0181-887F-4AE3-B216-BF63A6004725} : DHCPNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kurt\application data\mozilla\firefox\profiles\2ee6lzoh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\kurt\application data\mozilla\firefox\profiles\2ee6lzoh.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-01-22 18:58; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - ExtSQL: !HIDDEN! 2011-05-31 14:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-4 49320]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-4 163784]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2013-2-19 20464]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2013-2-19 15856]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-2 13496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-31 765808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-31 368248]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-13 72992]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2013-2-19 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2008-8-1 125424]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-9 464256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-31 29880]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-4 66408]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-31 45248]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-1-13 1078560]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-25 399432]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-11-22 66560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-2 22856]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-2 676936]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009 ultimate\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-10-30 1691480]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009 ultimate\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2008-8-14 1124848]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-03-05 00:59:01    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-03-05 00:59:00    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-05 00:59:00    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-02-28 08:36:37    765808    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-02-28 08:36:07    41664    ----a-w-    c:\windows\avastSS.scr
2013-02-27 13:14:37    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-27 13:14:36    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55:44    552448    ------w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45    2148864    ------w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01    2027520    ------w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00    1867264    ------w-    c:\windows\system32\win32k.sys
2013-01-02 06:49:10    148992    ------w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10    1292288    ------w-    c:\windows\system32\quartz.dll
2012-12-26 20:16:29    916480    ------w-    c:\windows\system32\wininet.dll
2012-12-26 20:16:28    43520    ------w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59    385024    ------w-    c:\windows\system32\html.iec
2012-12-16 12:23:59    290560    ------w-    c:\windows\system32\atmfd.dll
.
============= FINISH: 18:54:33.32 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2007 1:54:33 PM
System Uptime: 3/4/2013 5:13:48 PM (25 hours ago)
.
Motherboard: Dell Inc. |  | 0CU409
Processor: Intel® Pentium® Dual  CPU  E2140  @ 1.60GHz | Socket 775 | 1595/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 77.718 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP586: 12/5/2012 12:06:51 PM - System Checkpoint
RP587: 12/6/2012 1:06:51 PM - System Checkpoint
RP588: 12/7/2012 2:06:52 PM - System Checkpoint
RP589: 12/8/2012 2:20:25 PM - System Checkpoint
RP590: 12/9/2012 3:06:14 PM - System Checkpoint
RP591: 12/10/2012 3:17:21 PM - System Checkpoint
RP592: 12/11/2012 4:06:19 PM - System Checkpoint
RP593: 12/12/2012 3:00:22 AM - Software Distribution Service 3.0
RP594: 12/13/2012 3:26:56 AM - System Checkpoint
RP595: 12/14/2012 4:25:43 AM - System Checkpoint
RP596: 12/15/2012 4:37:19 AM - System Checkpoint
RP597: 12/16/2012 4:42:26 AM - System Checkpoint
RP598: 12/17/2012 5:42:27 AM - System Checkpoint
RP599: 12/18/2012 6:41:19 AM - System Checkpoint
RP600: 12/19/2012 6:53:19 AM - System Checkpoint
RP601: 12/20/2012 7:41:19 AM - System Checkpoint
RP602: 12/21/2012 3:00:16 AM - Software Distribution Service 3.0
RP603: 12/22/2012 3:32:52 AM - System Checkpoint
RP604: 12/23/2012 4:32:52 AM - System Checkpoint
RP605: 12/24/2012 4:34:34 AM - System Checkpoint
RP606: 12/25/2012 5:46:27 AM - System Checkpoint
RP607: 12/26/2012 5:54:50 AM - System Checkpoint
RP608: 12/27/2012 6:54:49 AM - System Checkpoint
RP609: 12/28/2012 7:42:49 AM - System Checkpoint
RP610: 12/29/2012 7:54:59 AM - System Checkpoint
RP611: 12/30/2012 8:42:54 AM - System Checkpoint
RP612: 12/31/2012 8:54:54 AM - System Checkpoint
RP613: 1/1/2013 9:54:54 AM - System Checkpoint
RP614: 1/2/2013 10:54:54 AM - System Checkpoint
RP615: 1/3/2013 11:42:54 AM - System Checkpoint
RP616: 1/4/2013 3:00:14 AM - Software Distribution Service 3.0
RP617: 1/5/2013 3:43:08 AM - System Checkpoint
RP618: 1/5/2013 10:28:52 AM - Installed QuickTime
RP619: 1/5/2013 10:30:34 AM - Installed QuickTime
RP620: 1/6/2013 10:43:14 AM - System Checkpoint
RP621: 1/7/2013 11:41:24 AM - System Checkpoint
RP622: 1/8/2013 11:53:24 AM - System Checkpoint
RP623: 1/9/2013 3:00:20 AM - Software Distribution Service 3.0
RP624: 1/10/2013 3:53:30 AM - System Checkpoint
RP625: 1/11/2013 4:14:30 AM - System Checkpoint
RP626: 1/12/2013 4:35:45 AM - System Checkpoint
RP627: 1/13/2013 5:35:45 AM - System Checkpoint
RP628: 1/14/2013 6:34:52 AM - System Checkpoint
RP629: 1/15/2013 3:00:15 AM - Software Distribution Service 3.0
RP630: 1/16/2013 3:33:13 AM - System Checkpoint
RP631: 1/16/2013 4:39:50 PM - Installed Java 7 Update 11
RP632: 1/17/2013 7:29:44 PM - System Checkpoint
RP633: 1/18/2013 7:33:13 PM - System Checkpoint
RP634: 1/19/2013 8:33:14 PM - System Checkpoint
RP635: 1/20/2013 8:43:55 PM - System Checkpoint
RP636: 1/21/2013 9:30:04 PM - System Checkpoint
RP637: 1/22/2013 10:20:39 PM - System Checkpoint
RP638: 1/23/2013 11:20:34 PM - System Checkpoint
RP639: 1/25/2013 12:20:35 AM - System Checkpoint
RP640: 1/26/2013 1:06:17 AM - System Checkpoint
RP641: 1/27/2013 1:54:17 AM - System Checkpoint
RP642: 1/28/2013 2:06:17 AM - System Checkpoint
RP643: 1/29/2013 3:05:47 AM - System Checkpoint
RP644: 1/30/2013 3:15:39 AM - System Checkpoint
RP645: 1/31/2013 3:26:33 AM - System Checkpoint
RP646: 2/1/2013 4:14:33 AM - System Checkpoint
RP647: 2/2/2013 5:13:26 AM - System Checkpoint
RP648: 2/2/2013 11:40:15 AM - Removed Java 7 Update 7
RP649: 2/2/2013 11:40:49 AM - Installed Java 7 Update 13
RP650: 2/3/2013 12:13:32 PM - System Checkpoint
RP651: 2/4/2013 12:25:27 PM - System Checkpoint
RP652: 2/5/2013 1:13:27 PM - System Checkpoint
RP653: 2/6/2013 2:13:09 PM - System Checkpoint
RP654: 2/7/2013 2:21:59 PM - System Checkpoint
RP655: 2/8/2013 3:21:59 PM - System Checkpoint
RP656: 2/9/2013 5:42:46 PM - System Checkpoint
RP657: 2/10/2013 6:56:54 PM - System Checkpoint
RP658: 2/11/2013 8:23:58 PM - System Checkpoint
RP659: 2/12/2013 8:24:49 PM - System Checkpoint
RP660: 2/13/2013 9:07:41 PM - System Checkpoint
RP661: 2/14/2013 3:00:24 AM - Software Distribution Service 3.0
RP662: 2/15/2013 3:36:19 AM - System Checkpoint
RP663: 2/16/2013 3:39:39 AM - System Checkpoint
RP664: 2/17/2013 4:39:39 AM - System Checkpoint
RP665: 2/18/2013 4:51:40 AM - System Checkpoint
RP666: 2/19/2013 5:51:40 AM - System Checkpoint
RP667: 2/19/2013 6:01:34 PM - Installed DirectX
RP668: 2/19/2013 6:02:49 PM - Installed SmartSound Quicktracks Plugin
RP669: 2/19/2013 6:11:20 PM - Installed SmartSound "New Standard 22k Library"
RP670: 2/19/2013 7:15:01 PM - Installed DirectX
RP671: 2/19/2013 7:16:02 PM - Configured SmartSound Quicktracks Plugin
RP672: 2/19/2013 7:24:46 PM - Installed SmartSound "New Standard 22k Library"
RP673: 2/19/2013 7:38:35 PM - Installed SmartSound Sonicfire Pro 4
RP674: 2/20/2013 3:00:18 AM - Software Distribution Service 3.0
RP675: 2/21/2013 3:28:50 AM - System Checkpoint
RP676: 2/22/2013 4:28:50 AM - System Checkpoint
RP677: 2/23/2013 5:16:45 AM - System Checkpoint
RP678: 2/24/2013 6:16:45 AM - System Checkpoint
RP679: 2/25/2013 7:16:46 AM - System Checkpoint
RP680: 2/26/2013 7:28:46 AM - System Checkpoint
RP681: 2/27/2013 7:29:12 AM - System Checkpoint
RP682: 2/27/2013 4:24:48 PM - Removed Java 7 Update 13
RP683: 2/27/2013 4:25:26 PM - Installed Java 7 Update 15
RP684: 2/28/2013 4:54:13 PM - System Checkpoint
RP685: 3/1/2013 5:54:13 PM - System Checkpoint
RP686: 3/2/2013 6:34:45 PM - System Checkpoint
RP687: 3/3/2013 6:54:13 PM - System Checkpoint
RP688: 3/4/2013 7:58:20 PM - Removed Java 7 Update 15
RP689: 3/4/2013 7:58:54 PM - Installed Java 7 Update 17
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Advanced SystemCare 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Blue Coat® K9 Web Protection 4.0.288
Bonjour
Burn4Free CD & DVD 5.2.0.0
Canon Easy-WebPrint EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities My Printer
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
DirectX 9 Runtime
DivX Setup
Dropbox
DVDFab 8.1.0.5 (04/07/2011) Qt
EMC 11 Content
Express Burn
Free Easy Burner V 5.1
Garmin Communicator Plugin
Garmin Training Center
Garmin USB Drivers
Glary Utilities 2.51.0.1666
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
ImgBurn
Intel® PRO Network Connections 12.1.12.0
iTunes
Java 7 Update 17
Java Auto Updater
Java™ 6 Update 31
JavaFX 2.1.1
K-Lite Mega Codec Pack 5.6.1
Malwarebytes Anti-Malware version 1.65.1.1000
MediaShout 3.5
MediaShout 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
NVIDIA Drivers
Picasa 3
Plato DVD Ripper Professional 6.66.14
PowerDVD
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Activation Module
Roxio BackOnTrack
Roxio Central
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2009 Ultimate
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Disaster Recovery
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Smart Defrag 2
SmartSound Quicktracks Plugin
Sonic CinePlayer Decoder Pack
Sothink DVD Ripper
Sothink FLV Player
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
Watermark Image software version 2.0.2.2
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
.
==== End Of File ===========================
 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-05 18:56:08
-----------------------------
18:56:08.214    OS Version: Windows 5.1.2600 Service Pack 3
18:56:08.214    Number of processors: 2 586 0xF0D
18:56:08.214    ComputerName: KURT-8275E7ED98  UserName: Kurt
18:56:09.152    Initialize success
18:56:09.402    AVAST engine defs: 13030501
18:56:17.089    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:56:17.089    Disk 0 Vendor: ST3250310AS 3.ADA Size: 238417MB BusType: 3
18:56:17.105    Disk 0 MBR read successfully
18:56:17.105    Disk 0 MBR scan
18:56:17.121    Disk 0 Windows XP default MBR code
18:56:17.121    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238402 MB offset 63
18:56:17.152    Disk 0 scanning sectors +488247480
18:56:17.214    Disk 0 scanning C:\WINDOWS\system32\drivers
18:56:23.730    Service scanning
18:56:35.199    Modules scanning
18:56:42.011    Disk 0 trace - called modules:
18:56:42.027    ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys SahdIa32.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:56:42.027    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5ffab8]
18:56:42.058    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a582920]
18:56:42.058    5 SahdIa32.sys[ba109931] -> nt!IofCallDriver -> \Device\00000066[0x8a606360]
18:56:42.058    7 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a585940]
18:56:42.777    AVAST engine scan C:\WINDOWS
18:56:49.730    AVAST engine scan C:\WINDOWS\system32
18:59:03.730    AVAST engine scan C:\WINDOWS\system32\drivers
18:59:26.793    AVAST engine scan C:\Documents and Settings\Kurt
18:59:57.402    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kurt\Desktop\MBR.dat"
18:59:57.418    The log file has been saved successfully to "C:\Documents and Settings\Kurt\Desktop\aswMBR.txt"


# AdwCleaner v2.114 - Logfile created 03/05/2013 at 19:01:25
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Kurt - KURT-8275E7ED98
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Kurt\desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Documents and Settings\Kurt\Application Data\Mozilla\Firefox\Profiles\2ee6lzoh.default\prefs.js

C:\Documents and Settings\Kurt\Application Data\Mozilla\Firefox\Profiles\2ee6lzoh.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Kurt\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1252 octets] - [05/03/2013 19:01:25]

########## EOF - C:\AdwCleaner[S1].txt - [1312 octets] ##########
 

 

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.OJAPWN
 ----- EOF -----
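The aswMBR log above reads the first sector of Disk 0, reports the boot code as the stock Windows XP MBR, decodes the single partition entry (active, type 07 NTFS, 238402 MB, offset 63) and saves a copy to MBR.dat. The Python below is an added example, not part of this thread and not aswMBR's code: it parses a 512-byte MBR image the way the tool's partition line summarises it, then runs the sanity checks a responder looks at when a bootkit is suspected (boot signature, exactly one active partition, no overlapping entries, boot code compared against a known-good copy). The sample image is constructed to match the log's values with zero-filled placeholder boot code; the tampered variant is invented only to exercise the checks.

```python
import struct
import sys
from typing import Dict, List, Optional

SECTOR = 512
BOOTCODE_LEN = 446        # bytes 0..445: boot code, the part a bootkit patches
TABLE_OFFSET = 446        # four 16-byte partition entries follow the code
SIGNATURE_OFFSET = 510    # bytes 0x55 0xAA close a valid MBR

PARTITION_TYPES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def parse_mbr(mbr: bytes) -> Dict:
    """Decode the boot signature and the four partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    signature = struct.unpack_from(">H", mbr, SIGNATURE_OFFSET)[0]
    partitions = []
    for index in range(4):
        # flag, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        boot_flag, _, ptype, _, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, TABLE_OFFSET + 16 * index)
        if ptype == 0 and sectors == 0:
            continue                                  # unused slot
        partitions.append({
            "index": index + 1,
            "boot_flag": boot_flag,
            "bootable": boot_flag == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {"signature_ok": signature == 0x55AA,
            "bootcode": mbr[:BOOTCODE_LEN],
            "partitions": partitions}


def check_mbr(info: Dict, known_good_bootcode: Optional[bytes] = None) -> List[str]:
    """Sanity checks a responder runs on a parsed MBR; returns human-readable findings."""
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature is not 0x55AA")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    spans = []
    for p in info["partitions"]:
        if p["boot_flag"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid boot flag 0x{p['boot_flag']:02X}")
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']}: starts at LBA 0, on top of the MBR")
        spans.append((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]))
    spans.sort()
    for (s1, e1, i1), (s2, _, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    if known_good_bootcode is not None and info["bootcode"] != known_good_bootcode:
        findings.append("boot code differs from the known-good copy (possible bootkit)")
    return findings


def build_sample_mbr(tamper: bool = False) -> bytes:
    """Constructed MBR matching the aswMBR line above: one active NTFS partition
    (type 07) of 238402 MB starting at sector 63. The boot code is a zero-filled
    placeholder, not real XP code. tamper=True overwrites the tail of the code
    and marks a second, overlapping entry active, the kind of change to look for."""
    bootcode = bytearray(BOOTCODE_LEN)
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF",
                         63, 238402 * 2048)          # 2048 sectors per MB
    entry2 = bytes(16)
    if tamper:
        bootcode[-16:] = b"\xE9" + b"\x90" * 15      # jmp stub where code was
        entry2 = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3), 2048, 4096)
    return bytes(bootcode) + entry1 + entry2 + bytes(32) + b"\x55\xAA"


if __name__ == "__main__":
    # usage: mbr_check.py [MBR.dat] [known-good MBR image for boot-code comparison]
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    baseline = open(sys.argv[2], "rb").read()[:BOOTCODE_LEN] if len(sys.argv) > 2 else None
    info = parse_mbr(image)
    for p in info["partitions"]:
        flag = "80 (A)" if p["bootable"] else "00    "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']:<10} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    for finding in check_mbr(info, baseline):
        print("!!", finding)
```

Run it against the MBR.dat that aswMBR saved, optionally with a second image taken from a known-clean machine of the same Windows version for the boot-code comparison. One caveat: a bootkit that hooks the disk stack can hand a clean sector to anything reading it from inside the infected system (the "Disk 0 trace - called modules" section of the log is aswMBR's view of that call chain), so when the result matters, read the sector from a boot CD or with the disk attached to another machine.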
 



#4 runner13 (Topic Starter, Members, 30 posts)

Posted 05 March 2013 - 07:24 PM

Now I have my son's laptop, which is actually where all this mess started (I think), since he usually uses his laptop to do his computer work. Should I put his ComboFix scan in a new forum post?

Is it possible to pass this garbage to iPhones, iPods or iPads? They're all logged into the same network.

Thanks again for your quick response!

 

Kurt



#5 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, USA)

Posted 06 March 2013 - 08:09 AM

Hi,

Sorry for any delay...I had class last night until late.
 

Should I put his combofix scan in a new forum post?

Nope...you are right where you should be.  Don't worry about making any other topics unless otherwise told.   :)

 

-----------------

 

Is it possible to pass this garbage to iPhones, iPods or iPads? They're all logged into the same network.

Anything is possible but what I am seeing right now does not lead me to believe it.  I think you should be fine.

---------------

 

 

Just so I understand....the original ComboFix log you posted was from your computer or your son's?  What about the logs made by DDS, aswMBR and AdwCleaner?  What computer were those made on?

Edited by jeffce, 06 March 2013 - 08:11 AM.



#6 runner13 (Topic Starter, Members, 30 posts)

Posted 06 March 2013 - 04:23 PM

EVERYTHING that I have posted so far is from MY computer.

Here's the latest log from the new ComboFix scan. Thank you, Kurt :)

 

ComboFix 13-03-05.01 - Kurt 03/06/2013  16:04:35.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1350 [GMT -5:00]
Running from: c:\documents and settings\Kurt\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-06 to 2013-03-06  )))))))))))))))))))))))))))))))
.
.
2013-03-05 00:59 . 2013-03-05 00:59    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-04 22:13 . 2013-02-28 08:36    163784    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-03-04 22:13 . 2013-02-28 08:36    49320    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-03-04 22:13 . 2013-02-28 08:36    66408    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-03-04 21:01 . 2013-03-04 22:17    --------    d-----w-    c:\documents and settings\Kurt\Local Settings\Application Data\LogMeIn Rescue Applet
2013-02-20 08:00 . 2013-02-20 08:00    --------    d-----w-    c:\program files\MSXML 4.0
2013-02-20 01:49 . 2011-09-28 14:20    200704    ----a-w-    c:\windows\system32\vbalExpBar6.ocx
2013-02-20 01:49 . 2011-09-28 14:20    40960    ----a-w-    c:\windows\system32\SSubTmr6.dll
2013-02-20 01:49 . 2011-09-28 14:20    15360    ----a-w-    c:\windows\system32\inetfr.DLL
2013-02-20 01:49 . 2011-09-28 14:20    119568    ----a-w-    c:\windows\system32\VB6FR.DLL
2013-02-20 01:49 . 2011-09-28 14:20    101888    ----a-w-    c:\windows\system32\VB6STKIT.DLL
2013-02-20 01:49 . 2011-09-28 14:20    484352    ----a-w-    c:\windows\system32\lame_enc.dll
2013-02-20 01:49 . 2011-09-28 14:20    32768    ----a-w-    c:\windows\system32\CMDLGFR.DLL
2013-02-20 01:49 . 2011-09-28 14:20    141312    ----a-w-    c:\windows\system32\MSCMCFR.DLL
2013-02-20 01:49 . 2013-02-20 01:49    --------    d-----w-    c:\documents and settings\Kurt\Application Data\FreeBurner
2013-02-20 01:48 . 2013-02-20 01:49    --------    d-----w-    c:\program files\Free Easy CD DVD Burner
2013-02-20 01:22 . 2013-02-20 01:35    --------    d-----w-    c:\documents and settings\Kurt\Application Data\ImgBurn
2013-02-20 00:47 . 2013-02-20 00:47    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Roxio
2013-02-20 00:23 . 2008-08-01 06:00    25584    ------w-    c:\windows\system32\drivers\SaibVd32.sys
2013-02-20 00:23 . 2008-08-01 06:00    20464    ------w-    c:\windows\system32\drivers\SahdIa32.sys
2013-02-20 00:23 . 2008-08-01 06:00    15856    ------w-    c:\windows\system32\drivers\SaibIa32.sys
2013-02-20 00:22 . 2013-02-20 00:23    --------    d-----w-    c:\program files\InterActual
2013-02-20 00:19 . 2013-02-20 00:19    --------    d-----w-    c:\program files\Windows Sidebar
2013-02-19 23:05 . 2013-02-20 00:18    --------    d-----w-    c:\documents and settings\All Users\Application Data\Roxio
2013-02-19 23:03 . 2013-02-20 00:22    --------    d-----w-    c:\program files\Roxio Creator 2009 Ultimate
2013-02-19 23:02 . 2013-02-20 00:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2013-02-19 23:02 . 2013-02-19 23:02    --------    d-----w-    c:\program files\SmartSound Software
2013-02-19 23:02 . 2013-02-19 23:02    --------    d-----w-    c:\program files\MSXML 6.0
2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 08:36 . 2011-05-31 20:55    368248    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-02-28 08:36 . 2011-05-31 20:55    765808    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-02-28 08:36 . 2011-05-31 20:55    62448    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-02-28 08:36 . 2011-05-31 20:55    49832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-02-28 08:36 . 2011-05-31 20:55    29880    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-02-28 08:36 . 2011-05-31 20:55    41664    ----a-w-    c:\windows\avastSS.scr
2013-02-28 08:35 . 2011-05-31 20:55    228600    ----a-w-    c:\windows\system32\aswBoot.exe
2013-02-27 13:14 . 2012-04-02 01:31    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-27 13:14 . 2011-05-31 22:39    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2008-04-13 23:00    552448    ------w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2008-04-13 23:00    2148864    ------w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2008-04-14 00:01    2027520    ------w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2008-04-13 23:00    1867264    ------w-    c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-13 23:00    148992    ------w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-13 23:00    1292288    ------w-    c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2008-04-13 23:00    916480    ------w-    c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2008-04-13 23:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2008-04-13 23:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2008-04-13 23:00    385024    ------w-    c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-13 23:00    290560    ------w-    c:\windows\system32\atmfd.dll
2013-02-27 22:29 . 2013-02-27 22:29    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\Drgtodsc.exe" [2007-07-27 1133040]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-11 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe" [2008-08-10 80368]
.
c:\documents and settings\Kurt\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Kurt\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54    551296    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 18:57    152544    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-11 21:58    296056    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Kurt\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/4/2013 5:13 PM 49320]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/4/2013 5:13 PM 163784]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2/19/2013 7:23 PM 20464]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2/19/2013 7:23 PM 15856]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/2/2011 10:05 PM 13496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/31/2011 3:55 PM 765808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/31/2011 3:55 PM 368248]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 6:39 PM 72992]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2/19/2013 7:23 PM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [8/1/2008 11:59 AM 125424]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/9/2012 3:32 PM 464256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2011 3:55 PM 29880]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/4/2013 5:13 PM 66408]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [1/13/2009 6:39 PM 1078560]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/25/2012 8:37 AM 399432]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [11/22/2010 2:50 PM 66560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/2/2011 9:20 PM 22856]
S0 cerc6;cerc6; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/2/2011 9:20 PM 676936]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/30/2011 6:51 AM 1691480]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:14]
.
2013-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-03-06 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2012-11-09 01:33]
.
2013-03-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-01 08:36]
.
2013-03-06 c:\windows\Tasks\ExpressBurnDowngrade.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2013-01-22 08:50]
.
2013-03-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-05-31 06:22]
.
2013-03-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-1801674531-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
2013-03-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-1801674531-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
2013-03-04 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-07-03 00:19]
.
2013-03-06 c:\windows\Tasks\VideoPadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2013-01-22 00:07]
.
2013-02-23 c:\windows\Tasks\VideoPadReminder.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2013-01-22 00:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kurt\Application Data\Mozilla\Firefox\Profiles\2ee6lzoh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - ExtSQL: 2013-01-22 18:58; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-03-06 15:57; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-05-31 14:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-06 16:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(856)
c:\windows\system32\WININET.dll
c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-03-06  16:15:48
ComboFix-quarantined-files.txt  2013-03-06 21:15
ComboFix2.txt  2013-03-05 00:14
.
Pre-Run: 83,521,712,128 bytes free
Post-Run: 83,508,535,296 bytes free
.
- - End Of File - - E41A7ED710317BF30692A55BF5E7F1F7
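The ComboFix log above is long because it lists every autostart point, not because each entry is suspicious; the work is in deciding which lines deserve a closer look. The Python below is an added example (not ComboFix's code and not from anyone in this thread) that parses the line shapes ComboFix uses for Run values, Startup-folder shortcuts, firewall exceptions and the R/S service list, and flags what a triager checks first: binaries started from a user-writable profile directory, Run values that name a bare file resolved through the search path, services whose binary is missing ([x]), and globally open ports. The sample lines are copied from the log's own entries; the trusted and user-writable path prefixes are my assumptions for an English-locale XP install.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines in the shapes ComboFix prints for autorun values,
# the Startup folder, firewall exceptions and R/S service entries (taken from
# the log above; the lone "." is how ComboFix separates blocks).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
"RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
.
Dropbox.lnk - c:\documents and settings\Kurt\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2/19/2013 7:23 PM 20464]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [11/22/2010 2:50 PM 66560]
S0 cerc6;cerc6; [x]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
"""


@dataclass
class Finding:
    kind: str       # autorun | startup | service | firewall
    name: str
    path: str
    reason: str


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
STARTUP_RE = re.compile(r"^(?P<name>\S+\.lnk) - (?P<path>.+?)\s+\[")
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<rest>.*)$')

# Assumed layout of an English-locale XP box; adjust for other installs.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("c:\\documents and settings\\", "c:\\users\\", "c:\\programdata\\")


def assess_path(path: str) -> Optional[str]:
    """Reason to look closer at an autostart binary, or None if unremarkable."""
    p = path.lower()
    if "\\" not in p:
        return "bare file name, resolved through the search path and easy to hijack"
    if p.startswith(USER_WRITABLE):
        return "binary lives in a user-writable profile directory"
    if not p.startswith(TRUSTED_ROOTS):
        return "binary outside Windows and Program Files"
    return None


def triage(log: str) -> List[Finding]:
    """Walk a ComboFix log and return the entries worth a human's attention."""
    findings: List[Finding] = []
    key = ""                           # registry key the current lines belong to
    for raw in log.splitlines():
        line = raw.strip()
        if line == ".":                # block separator: forget the current key
            key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if key.endswith("globallyopenports\\list"):
            m = PORT_RE.match(line)
            if m:
                state = "disabled" if ":disabled:" in m.group("rest").lower() else "ENABLED"
                findings.append(Finding("firewall", f"{m.group('port')}/{m.group('proto')}",
                                        "", f"globally open port exception ({state})"))
            continue
        if key.endswith("\\run") or key.endswith("\\run-disabled"):
            m = VALUE_RE.match(line)
            if m:
                reason = assess_path(m.group("path"))
                if reason:
                    findings.append(Finding("autorun", m.group("name"), m.group("path"), reason))
            continue
        m = STARTUP_RE.match(line)
        if m:
            reason = assess_path(m.group("path"))
            if reason:
                findings.append(Finding("startup", m.group("name"), m.group("path"), reason))
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path")
            if not path or m.group("meta").strip() == "x":
                findings.append(Finding("service", m.group("name"), path,
                                        "registered service/driver whose binary is missing"))
            else:
                reason = assess_path(path)
                if reason:
                    findings.append(Finding("service", m.group("name"), path, reason))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.kind}] {f.name}: {f.reason}" + (f"  ({f.path})" if f.path else ""))
```

Flags are pointers, not verdicts: Dropbox running from Application Data and the Realtek RTHDCPL value are both normal on this machine, which is exactly why the shortlist still gets read by a person rather than acted on by the script.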
 



#7 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, USA)

Posted 06 March 2013 - 09:01 PM

Hi,

 

How is your system running?




#8 runner13 (Topic Starter, Members, 30 posts)

Posted 08 March 2013 - 04:03 AM

Sorry I was busy last night, had to fix one of our projectors at the church. Well my computer seems to be fine, but I wasn't having any problems before. I was just told by some tech at Yahoo that I had over 4500 Trojan viruses on it.

Did the last ComboFix scan I posted look OK?

Should I stick with Avast for antivirus or is Security Essentials better?

If so I will start posting from my son's laptop.

I got on to check my Yahoo e-mail this morning and I had over 50 mailer-daemon returned e-mails! I will be changing my password for now, but I've already set up and am switching to Gmail!

 

My wife and I will be leaving for the weekend. So I won't be able to post or reply anymore after this one, until Monday night.

 

Thank you for all your help!!

 

Have a great weekend :)

Kurt



#9 runner13 (Topic Starter, Members, 30 posts)

Posted 08 March 2013 - 04:08 AM

I have changed e-mail to Removed  :)

 

Kurt,

I have removed the email address you posted. I recommend that you never do that again in places like an open forum. What happens is that spiders can harvest your address and you will suddenly find yourself on every junk mail list that exists. -Tomk


Edited by Tomk_, 14 March 2013 - 09:06 PM.


#10 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, USA)

Posted 08 March 2013 - 08:37 AM

Hi,

 

Glad to hear your system is running better.  

--------

 

Either Avast or Microsoft Security Essentials is good.  I recommend either one of them regularly.   :)

--------

 

The last ComboFix log looked ok.  Let's finish up with your system to be sure nothing is still in there hiding before we start on your son's.  When you get back, please do the following:

 

 

Clear Java Cache

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java icon (looks like a coffee cup).
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - leave ALL 3 checked:
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on the Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file...".
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.
----------

 

 




#11 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, USA)

Posted 10 March 2013 - 07:10 PM

Still with me?




#12 runner13 (Topic Starter, Members, 30 posts)

Posted 10 March 2013 - 07:41 PM

Ok, here are the latest scans you asked for:

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.10.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kurt :: KURT-8275E7ED98 [administrator]

3/10/2013 6:23:53 PM
mbam-log-2013-03-10 (18-23-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202224
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

ESET scan log

 

C:\Documents and Settings\Kurt\My Documents\Downloads\cbsidlm-tr1_10a-ImgBurn-SEO-10847481.exe    Win32/DownloadAdmin.G application
C:\Documents and Settings\Kurt\My Documents\Downloads\cnet_watermark-image_zip.exe    a variant of Win32/InstallCore.D application
C:\Documents and Settings\Kurt\My Documents\Downloads\FreeEasyCDDVDBurnerSetup-r101-w.exe    Win32/Toolbar.SearchSuite application
C:\Documents and Settings\Kurt\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Glary Utilities\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Glary Utilities\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Glary Utilities\v9gls.exe    probably a variant of Win32/ELEX application
 



#13 runner13 (Topic Starter, Members, 30 posts)

Posted 10 March 2013 - 07:43 PM

Lol, yeah, I'm still here. It took almost 2 hours for the ESET scan to run. Finally something that I can see, lol.

 

Thanks for all your help.

 

Kurt



#14 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, USA)

Posted 10 March 2013 - 07:46 PM

ComboFix
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:
  • ClearJavaCache::
     
    File::
    C:\Documents and Settings\Kurt\My Documents\Downloads\cbsidlm-tr1_10a-ImgBurn-SEO-10847481.exe    
    C:\Documents and Settings\Kurt\My Documents\Downloads\cnet_watermark-image_zip.exe    
    C:\Documents and Settings\Kurt\My Documents\Downloads\FreeEasyCDDVDBurnerSetup-r101-w.exe    
    C:\Documents and Settings\Kurt\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe   
    C:\Program Files\Glary Utilities\ApnIC.dll    
    C:\Program Files\Glary Utilities\ApnToolbarInstaller.exe    
    C:\Program Files\Glary Utilities\v9gls.exe
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.
  • CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
     
    Post the new ComboFix log and let me know what remaining malware problems you are having.  :)


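Two things the helper checks by hand when the new log comes back can be scripted: that every path listed under `File::` in the CFScript was picked up by ComboFix (it echoes them under `FILE ::` at the top of the post-run log), and that none of those paths still turn up elsewhere in the log, in Files Created, the Run keys or the scheduled tasks. The Python below is an added example written for this thread; it is not part of ComboFix and was not posted by anyone here. It assumes the simplified CFScript layout used in the post above (a `File::` header followed by one path per line, ended by the next `Name::` header) and the log layout visible in the posted logs; the sample CFScript and log excerpt are constructed for the demonstration, with paths taken from the thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample CFScript, modelled on the one posted in the thread.
SAMPLE_CFSCRIPT = r"""ClearJavaCache::

File::
C:\Documents and Settings\Kurt\My Documents\Downloads\cnet_watermark-image_zip.exe
C:\Program Files\Glary Utilities\ApnIC.dll
C:\Program Files\Glary Utilities\v9gls.exe
"""

# Constructed excerpt of a post-run log, in the layout ComboFix prints.
SAMPLE_LOG = r"""FILE ::
"c:\documents and settings\Kurt\My Documents\Downloads\cnet_watermark-image_zip.exe"
"c:\program files\Glary Utilities\ApnIC.dll"
"c:\program files\Glary Utilities\v9gls.exe"
.
(((((((((((((((((((((((((   Files Created from 2013-02-11 to 2013-03-11  )))))))))))))))))))))))))))))))
.
2013-03-10 22:31 . 2013-03-10 22:31    --------    d-----w-    c:\program files\ESET
2013-03-05 00:59 . 2013-03-05 00:59    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
.
2013-03-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-05-31 06:22]
"""

DIRECTIVE_RE = re.compile(r"^\w+::$")                      # e.g. File::, ClearJavaCache::
CREATED_RE = re.compile(                                    # one 'Files Created' row
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")               # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[[^\]]+\]$')  # "name"="path" [stamp]


@dataclass
class CreatedEntry:
    created: str
    modified: str
    size: int | None  # None for directories, which ComboFix prints as "--------"
    attrs: str        # e.g. d-----w- for a directory, ----a-w- for an archive file
    path: str


def parse_cfscript_files(script: str) -> list[str]:
    """Paths listed under `File::`; any other `Name::` header ends the list."""
    paths, in_file = [], False
    for line in (raw.strip() for raw in script.splitlines()):
        if DIRECTIVE_RE.match(line):
            in_file = line.lower() == "file::"
        elif in_file and line:
            paths.append(line)
    return paths


def split_echo(log: str) -> tuple[list[str], list[str]]:
    """Split the log into the `FILE ::` echo (what the script asked for) and every other line."""
    echoed, rest, in_block = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "FILE ::":
            in_block = True
        elif in_block and line.startswith('"') and line.endswith('"'):
            echoed.append(line[1:-1])
        else:
            in_block = False
            rest.append(line)
    return echoed, rest


def parse_files_created(log: str) -> list[CreatedEntry]:
    """Rows of the 'Files Created' section (new files and directories in the report window)."""
    entries, in_section = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("((("):            # section banner
            in_section = "Files Created" in line
        elif in_section and (m := CREATED_RE.match(line)):
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(CreatedEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def parse_run_keys(log: str) -> list[tuple[str, str, str]]:
    """(registry key, value name, image path) for every autorun listed under a ...\\Run key."""
    entries, key = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        if m := KEY_RE.match(line):
            key = m["key"]
        elif key and key.lower().endswith("\\run") and (m := VALUE_RE.match(line)):
            entries.append((key, m["name"], m["path"]))
    return entries


def check_targets(script: str, log: str) -> dict[str, list[str]]:
    """Which CFScript targets ComboFix acknowledged, and which still appear in the log."""
    echoed, rest = split_echo(log)
    echoed_lc = {p.lower() for p in echoed}
    rest_lc = "\n".join(rest).lower()       # paths are case-insensitive on Windows
    report: dict[str, list[str]] = {"acknowledged": [], "not_echoed": [], "still_present": []}
    for t in parse_cfscript_files(script):
        report["acknowledged" if t.lower() in echoed_lc else "not_echoed"].append(t)
        if t.lower() in rest_lc:              # seen in Files Created, Run keys, tasks: still on disk
            report["still_present"].append(t)
    return report
```

Run `check_targets(SAMPLE_CFSCRIPT, SAMPLE_LOG)` to get the three buckets; on the sample all three targets are acknowledged and none is still present, which is the outcome the helper is looking for before moving on. `parse_files_created` and `parse_run_keys` give the same two sections a reviewer reads first when triaging the rest of the log.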
#15 runner13

runner13
  • Topic Starter
  • Members
  • 30 posts

Posted 11 March 2013 - 07:00 PM

Ok, here is the latest ComboFix log.

As for any remaining malware issues, I wasn't having any prior to the guy from "Yahoo" saying that I had over 4,500 Trojan viruses. So I can't say that I'm having any issues, lol. Even up to this point I don't know if you're seeing viruses in the scans that I'm sending you or not, lol. I did see a few toolbar files with the online scan that I did yesterday. I'm not sure where those came from??

If you could summarize what you've found for me, the less computer savvy, that would be great. If you don't have time to do that, I totally understand. You have been a great help.

Thanks,

Kurt


    ComboFix 13-03-11.01 - Kurt 03/11/2013  19:41:03.3.2 - x86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1349 [GMT -4:00]
    Running from: c:\documents and settings\Kurt\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Kurt\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "c:\documents and settings\Kurt\My Documents\Downloads\cbsidlm-tr1_10a-ImgBurn-SEO-10847481.exe"
    "c:\documents and settings\Kurt\My Documents\Downloads\cnet_watermark-image_zip.exe"
    "c:\documents and settings\Kurt\My Documents\Downloads\FreeEasyCDDVDBurnerSetup-r101-w.exe"
    "c:\documents and settings\Kurt\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe"
    "c:\program files\Glary Utilities\ApnIC.dll"
    "c:\program files\Glary Utilities\ApnToolbarInstaller.exe"
    "c:\program files\Glary Utilities\v9gls.exe"
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-02-11 to 2013-03-11  )))))))))))))))))))))))))))))))
    .
    .
    2013-03-10 22:31 . 2013-03-10 22:31    --------    d-----w-    c:\program files\ESET
    2013-03-05 00:59 . 2013-03-05 00:59    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
    2013-03-04 22:13 . 2013-02-28 08:36    163784    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
    2013-03-04 22:13 . 2013-02-28 08:36    49320    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
    2013-03-04 22:13 . 2013-02-28 08:36    66408    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
    2013-03-04 21:01 . 2013-03-04 22:17    --------    d-----w-    c:\documents and settings\Kurt\Local Settings\Application Data\LogMeIn Rescue Applet
    2013-02-20 08:00 . 2013-02-20 08:00    --------    d-----w-    c:\program files\MSXML 4.0
    2013-02-20 01:49 . 2011-09-28 14:20    200704    ----a-w-    c:\windows\system32\vbalExpBar6.ocx
    2013-02-20 01:49 . 2011-09-28 14:20    40960    ----a-w-    c:\windows\system32\SSubTmr6.dll
    2013-02-20 01:49 . 2011-09-28 14:20    15360    ----a-w-    c:\windows\system32\inetfr.DLL
    2013-02-20 01:49 . 2011-09-28 14:20    119568    ----a-w-    c:\windows\system32\VB6FR.DLL
    2013-02-20 01:49 . 2011-09-28 14:20    101888    ----a-w-    c:\windows\system32\VB6STKIT.DLL
    2013-02-20 01:49 . 2011-09-28 14:20    484352    ----a-w-    c:\windows\system32\lame_enc.dll
    2013-02-20 01:49 . 2011-09-28 14:20    32768    ----a-w-    c:\windows\system32\CMDLGFR.DLL
    2013-02-20 01:49 . 2011-09-28 14:20    141312    ----a-w-    c:\windows\system32\MSCMCFR.DLL
    2013-02-20 01:49 . 2013-02-20 01:49    --------    d-----w-    c:\documents and settings\Kurt\Application Data\FreeBurner
    2013-02-20 01:48 . 2013-02-20 01:49    --------    d-----w-    c:\program files\Free Easy CD DVD Burner
    2013-02-20 01:22 . 2013-02-20 01:35    --------    d-----w-    c:\documents and settings\Kurt\Application Data\ImgBurn
    2013-02-20 00:47 . 2013-02-20 00:47    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Roxio
    2013-02-20 00:23 . 2008-08-01 06:00    25584    ------w-    c:\windows\system32\drivers\SaibVd32.sys
    2013-02-20 00:23 . 2008-08-01 06:00    20464    ------w-    c:\windows\system32\drivers\SahdIa32.sys
    2013-02-20 00:23 . 2008-08-01 06:00    15856    ------w-    c:\windows\system32\drivers\SaibIa32.sys
    2013-02-20 00:22 . 2013-02-20 00:23    --------    d-----w-    c:\program files\InterActual
    2013-02-20 00:19 . 2013-02-20 00:19    --------    d-----w-    c:\program files\Windows Sidebar
    2013-02-19 23:05 . 2013-02-20 00:18    --------    d-----w-    c:\documents and settings\All Users\Application Data\Roxio
    2013-02-19 23:03 . 2013-02-20 00:22    --------    d-----w-    c:\program files\Roxio Creator 2009 Ultimate
    2013-02-19 23:02 . 2013-02-20 00:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\SmartSound Software Inc
    2013-02-19 23:02 . 2013-02-19 23:02    --------    d-----w-    c:\program files\SmartSound Software
    2013-02-19 23:02 . 2013-02-19 23:02    --------    d-----w-    c:\program files\MSXML 6.0
    2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-28 08:36 . 2011-05-31 20:55    368248    ----a-w-    c:\windows\system32\drivers\aswSP.sys
    2013-02-28 08:36 . 2011-05-31 20:55    765808    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
    2013-02-28 08:36 . 2011-05-31 20:55    62448    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
    2013-02-28 08:36 . 2011-05-31 20:55    49832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
    2013-02-28 08:36 . 2011-05-31 20:55    29880    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
    2013-02-28 08:36 . 2011-05-31 20:55    41664    ----a-w-    c:\windows\avastSS.scr
    2013-02-28 08:35 . 2011-05-31 20:55    228600    ----a-w-    c:\windows\system32\aswBoot.exe
    2013-02-27 13:14 . 2012-04-02 01:31    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2013-02-27 13:14 . 2011-05-31 22:39    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-26 03:55 . 2008-04-13 23:00    552448    ------w-    c:\windows\system32\oleaut32.dll
    2013-01-07 01:19 . 2008-04-13 23:00    2148864    ------w-    c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37 . 2008-04-14 00:01    2027520    ------w-    c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2008-04-13 23:00    1867264    ------w-    c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2008-04-13 23:00    148992    ------w-    c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49 . 2008-04-13 23:00    1292288    ------w-    c:\windows\system32\quartz.dll
    2012-12-26 20:16 . 2008-04-13 23:00    916480    ------w-    c:\windows\system32\wininet.dll
    2012-12-26 20:16 . 2008-04-13 23:00    43520    ------w-    c:\windows\system32\licmgr10.dll
    2012-12-26 20:16 . 2008-04-13 23:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40 . 2008-04-13 23:00    385024    ------w-    c:\windows\system32\html.iec
    2012-12-16 12:23 . 2008-04-13 23:00    290560    ------w-    c:\windows\system32\atmfd.dll
    2012-12-14 20:49 . 2011-07-03 02:20    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2013-03-08 07:19 . 2013-03-08 07:19    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-02-28 08:35    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\Drgtodsc.exe" [2007-07-27 1133040]
    "gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
    "Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
    "RTHDCPL"="RTHDCPL.EXE" [2011-10-14 20064872]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-11 296056]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
    "DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
    "CPMonitor"="c:\program files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe" [2008-08-10 80368]
    .
    c:\documents and settings\Kurt\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Kurt\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54    551296    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 18:57    152544    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 10:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-07-03 13:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-06-11 21:58    296056    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Documents and Settings\\Kurt\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/4/2013 6:13 PM 49320]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/4/2013 6:13 PM 163784]
    R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2/19/2013 8:23 PM 20464]
    R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2/19/2013 8:23 PM 15856]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/2/2011 11:05 PM 13496]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/31/2011 4:55 PM 765808]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/31/2011 4:55 PM 368248]
    R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 7:39 PM 72992]
    R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2/19/2013 8:23 PM 25584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [8/1/2008 12:59 PM 125424]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/9/2012 4:32 PM 464256]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2011 4:55 PM 29880]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/4/2013 6:13 PM 66408]
    R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [1/13/2009 7:39 PM 1078560]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/25/2012 9:37 AM 398184]
    R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [11/22/2010 3:50 PM 66560]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/2/2011 10:20 PM 21104]
    S0 cerc6;cerc6; [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/2/2011 10:20 PM 682344]
    S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 1:25 AM 367088]
    S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 1:24 AM 309744]
    S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 1:24 AM 170480]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/30/2011 7:51 AM 1691480]
    S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 1:25 AM 313840]
    S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 1:23 AM 1124848]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    *NewlyCreated* - MBAMPROTECTOR
    *NewlyCreated* - MBAMSCHEDULER
    *NewlyCreated* - MBAMSERVICE
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:14]
    .
    2013-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
    .
    2013-03-06 c:\windows\Tasks\ASC6_PerformanceMonitor.job
    - c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2012-11-09 01:33]
    .
    2013-03-11 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-01 08:36]
    .
    2013-03-06 c:\windows\Tasks\ExpressBurnDowngrade.job
    - c:\program files\NCH Software\ExpressBurn\expressburn.exe [2013-01-22 08:50]
    .
    2013-03-06 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-05-31 06:22]
    .
    2013-03-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-1801674531-1417001333-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
    .
    2013-03-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-1801674531-1417001333-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
    .
    2013-03-11 c:\windows\Tasks\SmartDefrag_Schedule.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-07-03 00:19]
    .
    2013-03-06 c:\windows\Tasks\VideoPadDowngrade.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2013-01-22 00:07]
    .
    2013-02-23 c:\windows\Tasks\VideoPadReminder.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2013-01-22 00:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Kurt\Application Data\Mozilla\Firefox\Profiles\2ee6lzoh.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - ExtSQL: 2013-01-22 18:58; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF - ExtSQL: 2013-03-06 15:57; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    FF - ExtSQL: !HIDDEN! 2011-05-31 14:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-11 19:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(832)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1916)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Kurt\Application Data\Dropbox\bin\DropboxExt.17.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2013-03-11  19:51:55
    ComboFix-quarantined-files.txt  2013-03-11 23:51
    ComboFix2.txt  2013-03-06 21:15
    ComboFix3.txt  2013-03-05 00:14
    .
    Pre-Run: 83,318,071,296 bytes free
    Post-Run: 83,304,161,280 bytes free
    .
    - - End Of File - - 1E243FB523BF523BE392B7EC5DEC2E93